| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 12 Nov 2016 20:08:24 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: David Ahern <dsa@...ulusnetworks.com>
Cc: Netdev <netdev@...r.kernel.org>,
WireGuard mailing list <wireguard@...ts.zx2c4.com>,
LKML <linux-kernel@...r.kernel.org>,
YOSHIFUJI Hideaki <hideaki.yoshifuji@...aclelinux.com>,
Hannes Frederic Sowa <hannes@...essinduktion.org>
Subject: Re: Source address fib invalidation on IPv6
Hi David,
On Sat, Nov 12, 2016 at 7:14 PM, David Ahern <dsa@...ulusnetworks.com> wrote:
> I believe that is coming from __ip_route_output_key_hash(), line 2232 with __ip_dev_find not finding a device with that address.
It's possible we simply are looking at different source trees, but I
have the -EINVAL return in 4.8 route.c sources happening due to the
assignment on line 2175 and the jump on line 2220.
> Not applicable for your use case, but __ip_dev_find does not have any checks on which L3 domain the device belongs to so the check does not handle VRF for example. I'll take a look at fixing this next week.
Interesting.
>
> Gotcha. I don't see any checks that the saddr is valid similar to what IPv4 does.
>
> I think the right place to add a check is in ip6_dst_lookup_tail():
> if (!ipv6_addr_any(&fl6->saddr)) {
> // saddr is valid for L3 domain
> }
Right. It should probably do the check here, and return
ERR_PTR(-EINVAL), the same as the v4 version, so that ret codes can be
checked consistently.
Thanks for looking into this. If you're backed up and would like me to
submit a patch, just let me know, and I'll give it my best shot.
Regards,
Jason
Powered by blists - more mailing lists